About SallyShears

Wazoo, thanks for staying with me on this...
No, it's not the whole spam, I deleted a long list of redirects through AOL to actual ebay images and pages.
I also saw the </form>... But there is NO <form> tag in the original spam. None.
-- Sally

OK, I've done some more testing at http://www.spamcop.net/sc
Spamcop sees no URL in this:
<center><button onclick=3d"location=2ehref=3dunescape('http://210=2e78=2e=
22=2e113/verify=2ehtm');" style=3d"font: 8pt verdana, sans-serif;">=20
Go to eBay Billing Center</button></center>
Trying different things, I think it's the button tag. When I change button to A, spamcop sees the URL but cannot parse it.
This input:
<center><A href=3dunescape('http://210=2e78=2e=
22=2e113/verify=2ehtm');" style=3d"font: 8pt verdana, sans-serif;">=20
Go to eBay Billing Center</A></center>
Produces this output:
Tracking link: http://unescape('http://210.78.22.113/...tm');"
unescape('http is not a hostname
Cannot resolve http://unescape('http://210.78.22.113/...tm');"
Can someone help here? I think it would be nice if SpamCop would see the URL and report the host for schemes like this... Or am I missing something?
-- Sally

In an eBay phishing mail I received today, the URL of the site is obfuscated in a way that SpamCop seems unable to penetrate...
In the middle of a form is this code:
<center><button onclick=3d"location=2ehref=3dunescape('http://210=2e78=2e=
22=2e113/verify=2ehtm');" style=3d"font: 8pt verdana, sans-serif;">=20
Go to eBay Billing Center</button></center>
Using PINE in Linux, this is translated to
<center><button onclick="location.href=unescape('http://210.78.22.113/verify.htm');" style="font: 8pt verdana, sans-serif;">
Go to eBay Billing Center</button></center>
But, SpamCop (i.e. web page, submit spam, showing technical details) tells me it did not find this URL. I think the rogue has innovated a way to obfuscate the URL so that SpamCop doesn't find it.
THANK YOU !! for SpamCop !
-- Sally
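
The following is an added example, not part of the posts above and not SpamCop's own parser: one way a mail scanner could recover the URL from the quoted button markup by decoding the quoted-printable body first and then scanning every attribute value (including `onclick`) rather than only `href`. The names `SAMPLE_QP`, `AttrUrlFinder`, `extract_urls` and `hosts` are hypothetical, and the sample is constructed from the snippet quoted in the posts.

```python
import quopri
import re
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

# Constructed sample: the button markup from the posts, still quoted-printable encoded.
SAMPLE_QP = (
    b"<center><button onclick=3d\"location=2ehref=3dunescape('http://210=2e78=2e=\r\n"
    b"22=2e113/verify=2ehtm');\" style=3d\"font: 8pt verdana, sans-serif;\">=20\r\n"
    b"Go to eBay Billing Center</button></center>\r\n"
)

# A URL ends at whitespace, a quote, an angle bracket or a closing parenthesis.
URL_RE = re.compile(r"https?://[^\s'\"<>)]+", re.IGNORECASE)


class AttrUrlFinder(HTMLParser):
    """Collect URLs from every attribute of every tag, not only href/src."""

    def __init__(self):
        super().__init__()
        self.found = []  # list of (tag, attribute, url)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if not value:
                continue
            # Scan the raw value and its percent-decoded form, since
            # unescape() in the handler would decode %xx at click time.
            for candidate in (value, unquote(value)):
                for url in URL_RE.findall(candidate):
                    if (tag, name, url) not in self.found:
                        self.found.append((tag, name, url))


def extract_urls(qp_body: bytes):
    """Decode quoted-printable (=3d, =2e, soft line breaks), then parse the HTML."""
    html = quopri.decodestring(qp_body).decode("latin-1")
    finder = AttrUrlFinder()
    finder.feed(html)
    finder.close()
    return finder.found


def hosts(qp_body: bytes):
    """Return the distinct hosts a reporting tool would need to look up."""
    return sorted({urlsplit(url).hostname for _, _, url in extract_urls(qp_body)})


if __name__ == "__main__":
    for tag, attr, url in extract_urls(SAMPLE_QP):
        print(f"<{tag} {attr}> -> {url} (host {urlsplit(url).hostname})")
```
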